web/src/decrypt/qmc_key.ts

import { TeaCipher } from '@/utils/tea';

const SALT_LEN = 2;
const ZERO_LEN = 7;

export function QmcDeriveKey(raw: Uint8Array): Uint8Array {
  const textDec = new TextDecoder();
  const rawDec = Buffer.from(textDec.decode(raw), 'base64');
  let n = rawDec.length;
  if (n < 16) {
    throw Error('key length is too short');
  }

  const simpleKey = simpleMakeKey(106, 8);
  let teaKey = new Uint8Array(16);
  for (let i = 0; i < 8; i++) {
    teaKey[i << 1] = simpleKey[i];
    teaKey[(i << 1) + 1] = rawDec[i];
  }
  const sub = decryptTencentTea(rawDec.subarray(8), teaKey);
  rawDec.set(sub, 8);
  return rawDec.subarray(0, 8 + sub.length);
}

// simpleMakeKey exported only for unit test
export function simpleMakeKey(salt: number, length: number): number[] {
  const keyBuf: number[] = [];
  for (let i = 0; i < length; i++) {
    const tmp = Math.tan(salt + i * 0.1);
    keyBuf[i] = 0xff & (Math.abs(tmp) * 100.0);
  }
  return keyBuf;
}

function decryptTencentTea(inBuf: Uint8Array, key: Uint8Array): Uint8Array {
  if (inBuf.length % 8 != 0) {
    throw Error('inBuf size not a multiple of the block size');
  }
  if (inBuf.length < 16) {
    throw Error('inBuf size too small');
  }

  const blk = new TeaCipher(key, 32);

  const tmpBuf = new Uint8Array(8);
  const tmpView = new DataView(tmpBuf.buffer);

  blk.decrypt(tmpView, new DataView(inBuf.buffer, inBuf.byteOffset, 8));

  const nPadLen = tmpBuf[0] & 0x7; //只要最低三位
  /*密文格式:PadLen(1byte)+Padding(var,0-7byte)+Salt(2byte)+Body(var byte)+Zero(7byte)*/
  const outLen = inBuf.length - 1 /*PadLen*/ - nPadLen - SALT_LEN - ZERO_LEN;
  const outBuf = new Uint8Array(outLen);

  let ivPrev = new Uint8Array(8);
  let ivCur = inBuf.slice(0, 8); // init iv
  let inBufPos = 8;

  // 跳过 Padding Len 和 Padding
  let tmpIdx = 1 + nPadLen;

  // CBC IV 处理
  const cryptBlock = () => {
    ivPrev = ivCur;
    ivCur = inBuf.slice(inBufPos, inBufPos + 8);
    for (let j = 0; j < 8; j++) {
      tmpBuf[j] ^= ivCur[j];
    }
    blk.decrypt(tmpView, tmpView);
    inBufPos += 8;
    tmpIdx = 0;
  };

  // 跳过 Salt
  for (let i = 1; i <= SALT_LEN; ) {
    if (tmpIdx < 8) {
      tmpIdx++;
      i++;
    } else {
      cryptBlock();
    }
  }

  // 还原明文
  let outBufPos = 0;
  while (outBufPos < outLen) {
    if (tmpIdx < 8) {
      outBuf[outBufPos] = tmpBuf[tmpIdx] ^ ivPrev[tmpIdx];
      outBufPos++;
      tmpIdx++;
    } else {
      cryptBlock();
    }
  }

  // 校验Zero
  for (let i = 1; i <= ZERO_LEN; i++) {
    if (tmpBuf[tmpIdx] != ivPrev[tmpIdx]) {
      throw Error('zero check failed');
    }
  }
  return outBuf;
}
all: format with prettier 2021-12-18 13:55:31 +00:00			`import { TeaCipher } from '@/utils/tea';`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00
all: format with prettier 2021-12-18 13:55:31 +00:00			`const SALT_LEN = 2;`
			`const ZERO_LEN = 7;`
chore(QMCv2): fix code style 2021-12-17 00:41:44 +00:00
			`export function QmcDeriveKey(raw: Uint8Array): Uint8Array {`
all: format with prettier 2021-12-18 13:55:31 +00:00			`const textDec = new TextDecoder();`
			`const rawDec = Buffer.from(textDec.decode(raw), 'base64');`
chore(QMCv2): fix code style 2021-12-17 00:41:44 +00:00			`let n = rawDec.length;`
			`if (n < 16) {`
all: format with prettier 2021-12-18 13:55:31 +00:00			`throw Error('key length is too short');`
chore(QMCv2): fix code style 2021-12-17 00:41:44 +00:00			`}`

all: format with prettier 2021-12-18 13:55:31 +00:00			`const simpleKey = simpleMakeKey(106, 8);`
chore(QMCv2): fix code style 2021-12-17 00:41:44 +00:00			`let teaKey = new Uint8Array(16);`
			`for (let i = 0; i < 8; i++) {`
			`teaKey[i << 1] = simpleKey[i];`
			`teaKey[(i << 1) + 1] = rawDec[i];`
			`}`
all: format with prettier 2021-12-18 13:55:31 +00:00			`const sub = decryptTencentTea(rawDec.subarray(8), teaKey);`
			`rawDec.set(sub, 8);`
			`return rawDec.subarray(0, 8 + sub.length);`
chore(QMCv2): fix code style 2021-12-17 00:41:44 +00:00			`}`

			`// simpleMakeKey exported only for unit test`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`export function simpleMakeKey(salt: number, length: number): number[] {`
all: format with prettier 2021-12-18 13:55:31 +00:00			`const keyBuf: number[] = [];`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`for (let i = 0; i < length; i++) {`
all: format with prettier 2021-12-18 13:55:31 +00:00			`const tmp = Math.tan(salt + i * 0.1);`
			`keyBuf[i] = 0xff & (Math.abs(tmp) * 100.0);`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`}`
all: format with prettier 2021-12-18 13:55:31 +00:00			`return keyBuf;`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`}`

			`function decryptTencentTea(inBuf: Uint8Array, key: Uint8Array): Uint8Array {`
			`if (inBuf.length % 8 != 0) {`
all: format with prettier 2021-12-18 13:55:31 +00:00			`throw Error('inBuf size not a multiple of the block size');`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`}`
			`if (inBuf.length < 16) {`
all: format with prettier 2021-12-18 13:55:31 +00:00			`throw Error('inBuf size too small');`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`}`

all: format with prettier 2021-12-18 13:55:31 +00:00			`const blk = new TeaCipher(key, 32);`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00
			`const tmpBuf = new Uint8Array(8);`
			`const tmpView = new DataView(tmpBuf.buffer);`

all: format with prettier 2021-12-18 13:55:31 +00:00			`blk.decrypt(tmpView, new DataView(inBuf.buffer, inBuf.byteOffset, 8));`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00
all: format with prettier 2021-12-18 13:55:31 +00:00			`const nPadLen = tmpBuf[0] & 0x7; //只要最低三位`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`/密文格式:PadLen(1byte)+Padding(var,0-7byte)+Salt(2byte)+Body(var byte)+Zero(7byte)/`
			`const outLen = inBuf.length - 1 /PadLen/ - nPadLen - SALT_LEN - ZERO_LEN;`
all: format with prettier 2021-12-18 13:55:31 +00:00			`const outBuf = new Uint8Array(outLen);`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00
			`let ivPrev = new Uint8Array(8);`
			`let ivCur = inBuf.slice(0, 8); // init iv`
			`let inBufPos = 8;`

			`// 跳过 Padding Len 和 Padding`
			`let tmpIdx = 1 + nPadLen;`

			`// CBC IV 处理`
			`const cryptBlock = () => {`
			`ivPrev = ivCur;`
all: format with prettier 2021-12-18 13:55:31 +00:00			`ivCur = inBuf.slice(inBufPos, inBufPos + 8);`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`for (let j = 0; j < 8; j++) {`
all: format with prettier 2021-12-18 13:55:31 +00:00			`tmpBuf[j] ^= ivCur[j];`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`}`
all: format with prettier 2021-12-18 13:55:31 +00:00			`blk.decrypt(tmpView, tmpView);`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`inBufPos += 8;`
			`tmpIdx = 0;`
all: format with prettier 2021-12-18 13:55:31 +00:00			`};`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00
			`// 跳过 Salt`
all: format with prettier 2021-12-18 13:55:31 +00:00			`for (let i = 1; i <= SALT_LEN; ) {`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`if (tmpIdx < 8) {`
			`tmpIdx++;`
			`i++;`
			`} else {`
all: format with prettier 2021-12-18 13:55:31 +00:00			`cryptBlock();`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`}`
			`}`

			`// 还原明文`
			`let outBufPos = 0;`
			`while (outBufPos < outLen) {`
			`if (tmpIdx < 8) {`
			`outBuf[outBufPos] = tmpBuf[tmpIdx] ^ ivPrev[tmpIdx];`
all: format with prettier 2021-12-18 13:55:31 +00:00			`outBufPos++;`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`tmpIdx++;`
			`} else {`
all: format with prettier 2021-12-18 13:55:31 +00:00			`cryptBlock();`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`}`
			`}`

			`// 校验Zero`
			`for (let i = 1; i <= ZERO_LEN; i++) {`
			`if (tmpBuf[tmpIdx] != ivPrev[tmpIdx]) {`
all: format with prettier 2021-12-18 13:55:31 +00:00			`throw Error('zero check failed');`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`}`
			`}`
all: format with prettier 2021-12-18 13:55:31 +00:00			`return outBuf;`
feat(QMCv2): add key decrypt 2021-12-16 17:28:48 +00:00			`}`